Sudo has no real security purpose against a malicious third-party. So yes, it is basically useless for that purpose. In the past I believed it was actually a security control to prevent escalation of privilege and make attacks harder, because some people keep on insisting it also has that purpose, but that's actually false. In fact, at the moment you only got one answer to your question, and that answer is propagating that myth. The only purpose of sudo is to protect you from yourself, that is, to avoid messing up your system by mistake. Gaining all the privileges with one click or one key press might be dangerous, while sudo will at least force you to consciously type your password. And if you (or a program or script) end up touching system files or other users' files by mistake, without consciously using sudo, you will get a "permission denied" notice. So in the end it's just an administration tool, and not actually a security control meant to protect you from an attack.

Here's a very basic example of why sudo offers no real protection against malicious code:

```bash
# Create payload: replace sudo with an alias
echo "$password" | sudo -S
# Do my evil stuff with your password
echo "Done with your command, now I could use $password to do what I want"
# Write the payload to the bashrc config file
```

That is a very basic example of code that an attacker could run on your machine. It's not perfect, it doesn't even handle every case (it won't work well if you enter the wrong password), but it just shows you that sudo can be replaced by an attacker. If you run that script, the next time you open your terminal and run sudo you will actually be running fake_sudo. An attacker can replace your programs with aliases, or replace the binary files (putting malicious versions in ~/bin or wherever they can be executed in your path), etc. This is not even a real "escalation of privilege", because a user that can run sudo to become root already has all the privileges.

A real unprivileged user should not have sudo capabilities. To have a real separation of privileges you should run administration stuff on a totally separate account.

It was written in the early 80's specifically to address a need to protect the integrity of a shared resource (a VAX-11/750 running BSD UNIX) from its users (the faculty of the CS Department at SUNY/Buffalo). At the time, the only other option was 'su', which required everyone to share a single password. Had a calamity occurred, it would have been difficult or impossible to sift through the forensics and determine who the fat-fingered perpetrator was. I think sudo's apparent lasting utility is that it reminds the command line user that they are about to do something which might merit some certainty in the outcome before typing. Granted, in some implementations, like the major Raspberry Pi distros, where no password is prompted for, it serves merely as a rubber stamp. I still believe that best practices for implementing applications under UNIX-derived operating systems dictate that you run them under a non-root ID.

If you need root it should be under controlled circumstances. Think of sudo as the way root access is granted to command line users under controlled circumstances.

Usually, when you're on Linux, you're acting as a non-root user. A lot of things, like installing packages with apt, need root/sudo permission to be used. The sudo binary is there to give the normal user permissions to use root level actions like apt install. You should not be using Linux all the time as root. This is because if you're compromised, the attacker would have root access to your system, which means they can do pretty much anything on your system. Instead, you run Linux as a non-root user, so that even if your account gets compromised, the attacker can't immediately get root access.
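The sudo-replacement trick described above, seen from the defender's side: an added example (not code from any of the answers or from the sudo project) that checks whether sudo has been redefined in a shell startup file or resolves through PATH to something other than the expected setuid root binary. The startup file names, the path /usr/bin/sudo and the function names are assumptions for a typical Linux system.

```shell
#!/bin/sh
# Added example: audit whether "sudo" is still the system binary or has been
# shadowed by an alias, a shell function, or a look-alike earlier in PATH.
# Startup file names and /usr/bin/sudo are assumptions for a typical Linux box.

# 0 if the rc file contains no line that redefines sudo, 1 if it does.
# Matches "alias sudo=...", "sudo() {" and "function sudo" by shape only.
rc_file_is_clean() {
    [ -r "$1" ] || return 0   # a missing file cannot shadow anything
    if grep -Eq '^[[:space:]]*(alias[[:space:]]+sudo=|sudo[[:space:]]*\(\)|function[[:space:]]+sudo([[:space:]]|\(|$))' "$1"; then
        return 1
    fi
    return 0
}

# Walk the usual startup files under home directory $1 and report each one
# that redefines sudo. Return value is the number of offending files.
audit_rc_files() {
    n=0
    for f in .bashrc .bash_aliases .bash_profile .profile .zshrc; do
        if ! rc_file_is_clean "$1/$f"; then
            echo "WARNING: $1/$f redefines sudo"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# 0 if "sudo" resolves (not as an alias or function) to the expected path and
# that file is setuid and owned by root; 1 otherwise.
sudo_binary_is_trusted() {
    expected=${1:-/usr/bin/sudo}
    found=$(command -v sudo 2>/dev/null) || return 1
    [ "$found" = "$expected" ] || return 1   # alias, function or wrong PATH hit
    [ -u "$found" ] || return 1              # the real sudo must be setuid
    owner=$(ls -ldn "$found" | awk '{print $3}')
    [ "$owner" = "0" ]
}

# Run the audit for the current user when invoked with --audit.
if [ "${1:-}" = "--audit" ]; then
    audit_rc_files "$HOME"
    if sudo_binary_is_trusted /usr/bin/sudo; then
        echo "sudo resolves to the expected setuid root binary"
    else
        echo "WARNING: sudo does not resolve to the expected setuid root binary"
    fi
fi
```

Because a script starts a fresh non-interactive shell, aliases already loaded into your live terminal are only visible if you source the file into that shell; the rc-file scan covers the persisted copy either way.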